Amendments to the Claims: 



1. (currently amended) A method of mobile Internet Protocol communication 
between a private network and a roaming mobile terminal, said private network 
including a home agent for said roaming mobile terminal and a gateway through which 
said communication passes and which provides security protection for said private 
network, the mobile internet protocols of said communication including security 
association bundles each including a security association between said roaming mobile 
terminal and said gateway for inbound communication and another security association 
for outbound communication, the method comprising the steps of: 

in response to a handover of communication, causing aft a care-of IP address (MN 
Co @) of said roaming mobile terminal to change to a new care-of IP address 
(MN New Co @), 

said roaming mobile terminal updates its inbound security association from said 
gateway so that it can receive packets sent to it with said new care-of IP address 
(MN New Co @) as destination, 

said roaming mobile terminal sends a first signalling message with said home agent 
as destination in a secure tunnel to said gateway, 

said first signalling message indicating said new care-of IP address (MN New Co @) 
in secure form to said home agent, 

the inbound security association of said gateway from said roaming mobile terminal 
accepts said first signalling message without checking its source address, 

said gateway forwards said first signalling message within said private network to 
said home agent, 

said home agent checks the validity of said first signalling message and, if it is valid, 
updates its address data and sends a second signalling message to said 
gateway indicating said new care-of IP address (MN New Co @), and 
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said gateway updates its outbound security association with said roaming mobile 
terminal in response to the new care-of IP address (MN New Co @) indicated. 



2. (currently amended) A method as claimed in claim 1, wherein communication 
between said roaming mobile nod e terminal and said gateway is in accordance with an 
IPsec protocol specification. 

3. (currently amended) A method as claimed in claim 2, wherein communication 
between said gateway and said roaming mobile terminal is in accordance with an 
Encapsulating Security Payload protocol used in tunnel mode. 

4. (currently amended) A method as claimed in claim 1, wherein a registration reply 
for said roaming mobile nod e terminal is included in said second signalling message. 

5. (cancelled). 

6. (cancelled). 

7. (cancelled). 

8. (cancelled). 
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9. (currently amended) A system for mobile Internet Protocol communication 
between a private network and a roaming mobile terminal, said private network 
including a home agent for said roaming mobile terminal and a gateway through which 
said communication passes and which provides security protection for said private 
network, the protocols of said communication including security association bundles 
each including a security association between said roaming mobile terminal and said 
gateway for inbound communication and another security association for outbound 
communication, the system comprising: 

the roaming mobile terminal, in response to a handover of communication, causes 
aft a care-of IP address (MN Co @) of said roaming mobile terminal to change to 
a new care-of IP address (MN New Co @), said roaming mobile terminal updates 
its inbound security association from said gateway so that it can receive packets 
sent to it with said new care-of IP address (MN New Co @) as destination, and 
said roaming mobile terminal sends a first signalling message with said home 
agent as destination in a secure tunnel to said gateway, said first signalling 
message indicating said new care-of IP address (MN New Co @) in secure form 
to said home agent, 

the gateway, with the inbound security association of said gateway from said 
roaming mobile terminal, accepts said first signalling message without checking 
its source address, and forwards said first signalling message within said private 
network to said home agent, 

the home agent checks the validity of said first signalling message and, if it is valid, 
updates its address data and sends a second signalling message to said 
gateway indicating said new care-of IP address (MN New Co @), and 

the gateway updates its outbound security association with said roaming mobile 
terminal in response to the new care-of IP address (MN New Co @) indicated. 
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10. (currently amended) A system as claimed in claim 9, wherein communication 
between said roaming mobile nod e terminal and said gateway is in accordance with an 
IPsec protocol specification. 

1 1 .(currently amended) A system as claimed in claim 10, wherein communication 
between said gateway and said roaming mobile terminal is in accordance with an 
Encapsulating Security Payload protocol used in tunnel mode. 

12. (currently amended) A system as claimed in claim 9, wherein a registration reply 
for said roaming mobile node terminal is included in said second signalling message. 
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